One-time authentication tokens produce unpredictable one-time passcodes (OTP) typically by extracting pseudorandomness from a secret seed, that is stored at the token and shared with the authentication server. To protect against server-side leakage of the underlying seed, tokens may employ split-server verification protocols (see, e.g., U.S. Pat. No. 7,725,730). In a split-server verification protocol, the underlying authentication secret is split into at least two partial secrets, each one kept by a distinct verification server, so that authentication of a user is performed at these servers in a distributed manner so that certain attacks against one or more servers can be tolerated.
A number of such split-server OTP verification protocols have been proposed. See, for example, U.S. patent application Ser. No. 13/404,737 (now U.S. Pat. No. 9,118,661), entitled “Method and Apparatus for Authenticating a User Using Multi-Server One-Time Passcode Verification;” U.S. patent application Ser. No. 13/795,801 (now U.S. Pat. No. 9,037,858), entitled “Distributed Cryptography Using Distinct Value Sets Each Comprising At Least One Obscured Secret Value;” and U.S. patent application Ser. No. 14/144,707 (now U.S. Pat. No. 9,454,654), entitled “Multi-Server One-Time Passcode Verification on Respective High Order and Low Order Passcode Portions.”
Nonetheless, a need remains for an end-to-end server-side architecture for an OTP authentication system that simultaneously employs split-server verification and one or more of Silent Alarms (See, for example, U.S. patent application Ser. No. 13/404,788 (now U.S. Pat. No. 9,515,989), entitled “Methods and Apparatus for Silent Alarm Channels Using One-Time Passcode Authentication Tokens”) and Drifting Keys (See, for example, U.S. patent application Ser. No. 13/250,225 (now U.S. Pat. No. 8,699,713), entitled “Key Update With Compromise Detection”).